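#include "stdafx.h"
#include "stdlib.h"
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <EXCPT.h>
#include <tchar.h>

/*
 * Demo of structured exception handling (SEH) around a software breakpoint.
 *
 * The program overwrites the first byte of user32!MessageBoxA in its own
 * process with INT3 (0xCC), calls the function so the breakpoint exception is
 * raised, and restores the original byte from the __except handler.
 *
 * Builds only with 32-bit MSVC (inline __asm and __try/__except).
 *
 * Returns 0 in all cases; failures are reported on stdout.
 */
int main(int argc, char* argv[])
{
    /* 11 opcode bytes plus the NUL terminator of the literal; the bytes are
     * only printed below, never executed. */
    BYTE shellcode[12]="\x66\xB8\x01\x20\x66\xBA\x04\x10\x66\xEF\xC3";
    for (size_t i = 0; i < sizeof(shellcode); ++i){
        printf("%04d,0x%02X\n", shellcode[i],shellcode[i]);
    }

    // An SEH handler catches the exception on the stack (frame-based),
    // so its reach is fairly limited.
    BYTE oldByte = 0;       /* original first byte of MessageBoxA */
    PBYTE pAddr = NULL;     /* address of MessageBoxA */
    DWORD dwProtect = 0;    /* original page protection, kept for the restore */
    DWORD dwIgnored = 0;    /* VirtualProtect fails if lpflOldProtect is NULL */
    BOOL patched = FALSE;   /* TRUE while the 0xCC byte is in place */

    /* No-op instruction sequences kept from the original listing. */
    __asm mov ebx,ebx
    __asm push eax
    __asm pop eax
    __asm mov eax,eax

    __try{
        __asm mov EAX,EAX
        __asm mov eax,eax
        __asm mov eax,eax
        __asm mov eax,eax

        HMODULE hMod = LoadLibrary(_T("user32.dll"));
        if (hMod == NULL) {
            printf("LoadLibrary failed: %lu\n", GetLastError());
        } else {
            /* GetProcAddress always takes an ANSI name, so _T() must not be
             * used here: in a UNICODE build it would pass a wide string. */
            pAddr = (PBYTE)GetProcAddress(hMod, "MessageBoxA");
            if (pAddr == NULL) {
                printf("GetProcAddress failed: %lu\n", GetLastError());
            }
        }

        if (pAddr != NULL) {
            if (!VirtualProtect(pAddr, 1, PAGE_EXECUTE_READWRITE, &dwProtect)) {
                printf("VirtualProtect failed: %lu\n", GetLastError());
            } else {
                oldByte = *pAddr;
                /* %p instead of %X: passing a pointer to %X is undefined. */
                printf("pAddr:0x%p\n", (void *)pAddr);
                printf("oldByte:%02d\n", oldByte);

                *pAddr = 0XCC;
                patched = TRUE;

                /* Put the original protection back so the page is not left
                 * writable and executable. The out-parameter is mandatory. */
                VirtualProtect(pAddr, 1, dwProtect, &dwIgnored);
                FlushInstructionCache(GetCurrentProcess(), pAddr, 1);

                /* First instruction is now INT3: raises EXCEPTION_BREAKPOINT. */
                MessageBoxA(NULL, "Test","Test",MB_OK);
            }
        }
    }
    /* The filter accepts every exception, not only the breakpoint, so the
     * handler checks `patched` before touching pAddr. */
    __except(EXCEPTION_EXECUTE_HANDLER){
        MessageBoxW(NULL, L"接管异常", L"异常处理",MB_OK);

        /* Use a scratch variable for the old protection so dwProtect still
         * holds the value saved before the patch. */
        if (patched && VirtualProtect(pAddr, 1, PAGE_EXECUTE_READWRITE, &dwIgnored)) {
            memset(pAddr, oldByte, 1);
            VirtualProtect(pAddr, 1, dwProtect, &dwIgnored);
            FlushInstructionCache(GetCurrentProcess(), pAddr, 1);
            patched = FALSE;

            /* The original byte is back, so this call runs normally. */
            MessageBoxA(NULL, "Test","Test",MB_OK);
        }
    }

    system("pause");
    return 0;
}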
原文地址:http://www.cnblogs.com/Lthis/p/4639427.html